WPA2 vulnerability found
'Hole 196' means malicious insiders could spoof Wi-Fi packets, compromise WLAN
Wireless Alert By Joanie Wexler, Network World July 23, 2010 12:59 PM ET
Perhaps it was only a matter of time. But wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available.
Malicious insiders can exploit the vulnerability, named "Hole 196" by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried.
Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight.
The researcher who discovered Hole 196, Md Sohail Ahmad, AirTight technology manager, intends to demonstrate it at two conferences taking place in Las Vegas next week: Black Hat Arsenal and DEF CON 18.
The Advanced Encryption Standard (AES) derivative on which WPA2 is based has not been cracked and no brute force is required to exploit the vulnerability, Ahmad says. Rather, a stipulation in the standard that allows all clients to receive broadcast traffic from an access point (AP) using a common shared key creates the vulnerability when an authorized user uses the common key in reverse and sends spoofed packets encrypted using the shared group key.
Ahmad explains it this way:
...
This puts my weekend world on its head. I'm now in danger of having my neighbors on this otherwise-quiet suburban street find out my ultimate secret ...
... that my life really _is_ *that* boring.
This kind of security "exploit" is tailor-made for the ever-shorter news cycle: a flash in the electronic pan perfectly timed to grab the (admittedly minute) imaginations of our nations' "reporters", and just awesome fer-shur as a "tease" for the evening news: a helping hand extended to the lizardlike programming directors of our information-spigot-spinners after Washington's spin-masters have called it quits for the weekend.
News flash: if it's in the docs, it's *NOT* an exploit.
Bill Horne Moderator